The SPEC being referred to is a NIST one, rather than ANSI. see: http://csrc.nist.gov/publications/PubsDrafts.html#NIST-IR-8060 Which is open. Its in its second reading right now, and its in a

here's the link: https://docs.google.com/document/d/1j6LWnkh5GbMV9Xo5_zJ0wTNLROEIa4o1OU279YueI90/edit

To add to Philippe's comments, and speaking on behalf of a major producer of open source software, the proposal for an "External Security and Asset Management Identifier" seems to be fundamentally

Hi Philippe, The document you commented on was from last week's discussion. Your input is appreciated and you're opinion is lining up with some of the thoughts expressed as part of the external

Hi Philippe, HI Yev Philippe, You are right about SWID. Yev, I may be biased over using CPEs and not using SWIDs. Here are my points on SWID. 1. SWID looks nice to have for software asset management

D’oh! Arrgh! Other grunting noises! Here is the correct link. Terribly sorry for the confusion/inconvenience. https://docs.google.com/document/d/1HTgrEKBlza_U3yZBKpgu9JDYhZkZ6Jbj9jNsmRreCMo/edit

<ybronshteyn@...> wrote: Yev: I guess you meant External and not Eternal.... I provided a few comments to your proposed spec in the doc

Hi Yev, The spec you linked to was the one I created for las week's call. Is there a different document we should be refering to? Thanks, Kate

Here is the spec for the proposed EternalPackage element. While I touch on usage in the beginning, I'll discuss some specific use cases in the context of SpdxTools on the

Hi, We're now less than on month away from LinuxCon, and we wanted to get some information out for those who want to participate in the SPDX 2.0 Bakeoff. If you can make it to Seattle that’s

http://wiki.spdx.org/view/General_Meeting/Minutes/2015-07-02 Thanks again to Gary and the UNO team for the interesting presentation. L. Philip Odence General Manager Audit Services Vice President of

Hi everyone, Thanks for the chance to discuss the UNO SPDX tools at the General Meeting. Here are the links to the GH repositories for projects that are currently active: DoSOCS:

Hi, I would love to hear about SPDX 2 integrated into yocto or Open Embedded if someone has done that. Regards, Jeremiah On Jul 1, 2015 2:09 PM, "Philip Odence" <podence@...> wrote:

I’m trying to spice up every General Meeting with a speaker talking about a special topic, usually their organizations’ use of SPDX or work related to. If you have any ideas for future

Hi Rob, Thanks for you email. To request a new license be added to the SPDX License List, you need to provide the info listed on this page (most of which you already have)

I'm told I should contact you about registering Toybox's "zero clause bsd" license for an official 0BSD acronym/abbreviation. The license text itself (paragraphs 2 and 3 here):

Hi Terin, On the surface the following appears to be syntactically convenient: license-expression = 1*1(simple-expression / compound-expression / "NONE" / "NOASSERTION") but semantically

Hi Terin Neither could we. :-) Ah yes, that should be considered. Right now when NONE or NOASSERTION are permitted, they are associated with the actual fields in the specification (ie.

Kate: I'm unsure of any use case where you would want to mix NONE or NOASSERTION with either simple-expression or compound-expression in the same package. You may however want to use these strings

Hi Terin, Can you give us a real life use case where either "NONE" or "NOASSERTION" should be used in combination with other licenses? If there's a compelling use case as to why it should be